staying safe and secret online at work

A few weeks ago a friend asked me out of curiosity if her IT department could see everything she was doing online. Yes, they can. A friend of mine who handled IT for a law firm once told me that he and his manager had a record of every employee’s passwords to personal accounts (seriously, like bank accounts) and routinely watched their activities by opening employees’ screens on their own. They would follow IM conversations between employees and literally knew everything that was “secretly” happening in the firm. Terrifying.

If IT wants to open your screen on theirs and watch what you’re doing, there’s not much you can do about it. But here are three things I do to allow a modicum of privacy. Bear in mind, I’m not an IT guy. This is just information from an amateur who digs privacy.

1) I use the Firefox add-on called KeyScrambler which encrypts your keystrokes before they hit the browser. This is useful if your IT department (or other Big Brother) has a keylogger installed. (A keylogger is a program that records all your keystrokes.)

2) This is certainly not a universal solution but just another layer of safety: I have two monitors at work. I make sure all my personal surfing is on the secondary monitor. Now, at another job I had, I’m pretty sure IT could see both monitors when they viewed my screen. But at my current job, I had to have IT install something remotely and the IT guy asked me to drag it over to the main screen so he could see it. So while they can probably get to whatever you’re doing, it’s one more roadblock for them.

3) Most importantly, I use TOR (The Onion Router) when I want to want to hide my browser tracks and/or get around a firewall. In their words:

Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.

To use TOR, go to torproject.org and hit the download link. Then grab the appropriate bundle for your operating system. If you’re using Windows, the standard bundle should work fine. Don’t worry about the zero install version.

When you install TOR, you get a package of several applications and the TorButton addon for Firefox. The Torbutton creates a link in the bottom status bar of Firefox. When you want to hide your tracks, you click TorButton link and it will turn green and read “TorButton Enabled.” Once that happens, all your internet requests are bounced off servers all over the world.*

This does two things: makes you invisible to those trying to track your surfing and often gets you around those pesky firewalls and content filters at work. For example, my work blocks MySpace and Facebook. If I want to check them, I simply enable Tor and go. No filter stops me.

This also works to get around those filters that many places with free wifi use. Ever gotten online at a Panera or Corner Bakery and soon as you open your browser, you have to agree to their terms and conditions? Forget that. Those places are blocking certain content and probably watching your steps as you surf on their connection. Just enable TOR and you’re good.

TOR is also useful to me for my work. Because I work in the web department and our IT department has a lockdown on the web servers that we use, it’s a tremendous pain to try to get them to set-up anything out of the ordinary scope. So a few weeks ago, my bosses bought their own commercial hosting to use as our playground. The problem was that they couldn’t even login to our new hosting control panel because the corporate firewall blocked it. I told them about TOR and we got around that obstacle.

The huge downside to Tor is that it slows your connection like you’re on CompuServe dial-up. That part blows. But in return for some safety and security and freedom, it’s a small price to pay. You won’t want to leave it enabled all day at work but for those times when you just have to check in with Facebook, it’s sweet.

* Fun with TOR: find out where it’s routed you in the world by opening MySpace to see what language it’s in.